[Nagiosplug-devel] Antwort: Re: Antwort: Security discussion - don't run as root plugins
Sascha.Runschke at gfkl.com
Sascha.Runschke at gfkl.com
Mon Jul 21 11:16:39 CEST 2008
nagiosplug-devel-bounces at lists.sourceforge.net schrieb am 21.07.2008
10:49:12:
> > Don't do the same mistake and enforce your ideas on users.
> > If someone wants to run as root - whatever her reason may be - then
> > let her do so. If it was done by mistake - she learned something
from
> > it now (hopefully).
> > The way to go is the un-intrusive way of privilege dropping.
> > If a program does not need root privileges, it should drop them and
> > in my opinion that's the responsibility of the author.
>
> I'd rather go the "munin" way:
> # /usr/bin/munin-cron
> You are running this program as root, which is neither smart nor
necessary.
> If you really want to run it as root, use the --force-root option. Else,
run
> it as the user "munin". Aborting.
>
> Clear, self-explanatory, concise, but still flexible.
I do not agree on that. It will break quite a few setups.
That would require defining different checks for different machines,
if you have some where you connect as root and some where you connect
as nagios or even different user. That quite normal if you monitor
machines of other companies...
S
--
Sascha Runschke
Netzwerk- und Systemmanagement
Telefon : +49 (201) 102-1879 Mobil : +49 (173) 5419665 Fax : +49 (201)
102-1102105
GFKL Financial Services AG
Vorstand: Dr. Peter Jänsch (Vors.), Jürgen Baltes, Dr. Till Ergenzinger, Dr. Tom Haverkamp
Vorsitzender des Aufsichtsrats: Dr. Georg F. Thoma
Sitz: Limbecker Platz 1, 45127 Essen, Amtsgericht Essen, HRB 13522
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20080721/32bb3570/attachment.html>
More information about the Devel
mailing list